[foaf-protocols] Fwd: gnome-keyring Storage of trust assertions
melvincarvalho at gmail.com
Wed Dec 8 02:47:44 CET 2010
---------- Forwarded message ----------
From: Stef Walter <stefw at collabora.co.uk>
Date: 7 December 2010 21:46
Subject: gnome-keyring Storage of trust assertions
To: "gnome-keyring-list at gnome.org" <gnome-keyring-list at gnome.org>
I've been doing some work on the storage of trust assertions in
gnome-keyring. These are used to store things like certificate
exceptions (per host), trust anchors, and certificate revocation lists.

I've been implementing the trust assertions rough draft spec with
compatibility for netscape trust objects as well.

libgcr has new functions for looking up whether a certificate
exception exists for a given certificate, and looking up trust anchors
(among other things). These functions use PKCS#11 internally to access
the modules where this data is stored.

The storage takes place in the pkcs11/xdg-store PKCS#11 module.

BTW, I was thinking about signing the files containing the trust
assertions, with a key for each user. But it turns out this has no value
at all if malicious code can just replace the signing key. :S

All the above code is in the trust-store branch of gnome-keyring.

rough draft: http://people.collabora.co.uk/~stefw/trust-assertions.html
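
The remark about signing the trust assertion files, as an added example that is not part of the original message and is not gnome-keyring code: a signature checked with a key stored in the same user-writable location as the data accepts a wholesale replacement, while a check against a key held elsewhere rejects it. Assumptions: HMAC-SHA256 stands in for whatever signing scheme was considered, a dict models the user's writable files, and all function and file names are hypothetical.

```python
import hashlib
import hmac
import json
import os

def sign(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()

def write_store(user_dir: dict, key: bytes, assertions: list) -> None:
    """Serialise assertions, sign them, and keep the key beside the data."""
    data = json.dumps(assertions, sort_keys=True).encode()
    user_dir["trust.json"] = data
    user_dir["trust.sig"] = sign(key, data)
    user_dir["signing.key"] = key

def verify_with_stored_key(user_dir: dict) -> bool:
    """Check the signature using the key found next to the signed file."""
    expected = sign(user_dir["signing.key"], user_dir["trust.json"])
    return hmac.compare_digest(expected, user_dir["trust.sig"])

def verify_with_external_key(user_dir: dict, key: bytes) -> bool:
    """Check the signature using a key held outside user-writable storage
    (assumption: a separate privilege domain the user's processes cannot write)."""
    expected = sign(key, user_dir["trust.json"])
    return hmac.compare_digest(expected, user_dir["trust.sig"])

def demo() -> dict:
    # Constructed sample data; the dict models files writable by any code
    # running as the user.
    user_dir = {}
    original_key = os.urandom(32)
    write_store(user_dir, original_key,
                [{"host": "example.org", "kind": "exception", "cert": "aa" * 32}])
    ok_before = verify_with_stored_key(user_dir)
    # Same-privilege code replaces the assertions, the signature and the key.
    write_store(user_dir, os.urandom(32),
                [{"host": "example.org", "kind": "exception", "cert": "bb" * 32}])
    return {
        "valid_before_replacement": ok_before,
        "stored_key_accepts_replacement": verify_with_stored_key(user_dir),
        "external_key_accepts_replacement": verify_with_external_key(user_dir, original_key),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The signature only adds integrity when the verification key sits outside the write reach of the code being defended against.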